May 01 2020 03:10 PM
If downloading the details for this type of alert, shouldn't there be a list ofsuspected users attached within the download?
May 02 2020 03:29 AM
How long have you had Azure ATP in place? Are you already getting these type of alerts, or is it still in its learning period as per - https://docs.microsoft.com/en-us/azure-advanced-threat-protection/atp-reconnaissance-alerts#security...
May 04 2020 09:02 AM
It has been install for over 6 months. We have had one of these alerts in the past week which prompted the question from by CSOC team. They were expecting to see users in the alert. @PeterRising
May 04 2020 12:24 PM
May 05 2020 03:06 PM
May 06 2020 09:36 AM
May 06 2020 09:51 AM
May 06 2020 10:08 AM
@Ed Healea Unfortunately, the hotfix does not apply to previous alerts, can you verify that you can download the details for a new alert?
May 26 2020 05:05 PM
@Or Tsemah
We had a new alert come through and the download details did not contain any list of actors.
The tabs in the download are Summary, Source Computer, Domain Controllers, Event Activities and Related Entities.
Jun 03 2020 02:06 AM
Hey Ed, can you please open a support ticket and forward it to me (ort@microsoft.com) so we can investigate it?